> | Hi Mark!
> | Mark Baker wrote on Monday, 24 December 2001:
> |
> | > I believe one should never use exim_user = root at all, but I don't
> | > understand why that should lead to it being an open relay.
> |
> | It's not related to running exim as root at all. However, if you do run
> | exim (on Linux only) out of inetd, it does become an open relay.
> |
> | This has been reported before (check archives). The current solution is
> | to run exim as a standalone daemon (-bd).
>
> I just searched the archives and didn't see anything mentioned about
> this. Could you provide pointers? Does this affect xinetd too?
this should affect xinetd too.
I've sent the following letter to Mark:
=====
As I said, there are certain situations, when you have to run it from root.
and exim_user = root should NEVER lead to open relay anyway.
so this is the bug.
bug was discussed about a month ago on debian-russian, and <dbg>
suggested, that the whole point is in the way exim tries to find out
whether it has been launched from inetd or from init.d, and if it's
launched from inetd, it will check relays, etc.
look at this piece of code from exim:
    if (smtp_input && (real_uid == root_uid ||
        (exim_uid_set && real_uid == exim_uid)))
      {
      int size = sizeof(inetd_sock);
      if (getpeername(0, (struct sockaddr *)(&inetd_sock), &size) == 0)
        {
        int family = ((struct sockaddr *)(&inetd_sock))->sa_family;
        if (family == AF_INET || family == AF_INET6) is_inetd = TRUE;
        }
      }
obvious, that with such a combination of real/effective uid's, as in our
situation, it will never be able to identify that it has been launched from
inetd.
suggested simple fix is to call getpeername always, without relying on
uid combination.
if you don't believe this bug exists, just try it for yourself,
instructions below.
On Mon, Dec 24, 2001 at 11:51:22AM +0000, Mark Baker wrote:
--original message quoted--
> I believe one should never use exim_user = root at all, but I don't
> understand why that should lead to it being an open relay.
>
> ----- Forwarded message from nslu@??? -----
>
> Envelope-to: mark@???
> Delivery-date: Fri, 21 Dec 2001 21:30:05 +0000
> Subject: Bug#126124: exim: promiscuous relay if running from inetd w/ exim_user=root in cf
> Reply-To: nslu@???, 126124@???
> Original-Sender: nick slussar <nslu@???>
> X-Debian-PR-Message: report 126124
> X-Debian-PR-Package: exim
> X-Debian-PR-Keywords:
> From: nslu@???
> To: submit@???
> Date: Fri, 21 Dec 2001 16:15:43 -0500
> Delivered-To: submit@???
>
> Package: exim
> Version: 3.33-1
> Severity: critical
>
> First, I'd like to point that this bug affects also woody version
> of exim. It should be totally reproducible.
>
> Here is my scenario:
>
> 1) run exim from inetd, like this
> smtp stream tcp nowait mail /usr/sbin/exim exim -bs
>
> note the user - mail.
>
> 2) in exim.conf put
>
> exim_user = root
>
> which is required in some cases, like when exim uses pam_unix auth with
> shadow passwords.
>
> 3) result: host becomes fully open relay to anybody, ignoring any
> relay-control stuff in exim.conf.
>
>
>
> That's it.
>
>
> -- System Information
> Debian Release: 3.0
> Kernel Version: Linux damn 2.4.14-xfs #3 Tue Dec 11 09:41:39 EST 2001 i686 unknown
>
> Versions of the packages exim depends on:
> ii cron 3.0pl1-72 management of regular background processing
> ii libc6 2.2.4-7 GNU C Library: Shared libraries and Timezone
> ii libdb2 2.7.7.0-3 The Berkeley database routines (run-time fil
> ii libident 0.22-2 simple RFC1413 client library - runtime
> ii libldap2 2.0.14-1.1 OpenLDAP libraries.
> ii libpam0g 0.72-34 Pluggable Authentication Modules library
> ii libpcre3 3.4-1.1 Philip Hazel's Perl Compatible Regular Expre
> ii netbase 4.07 Basic TCP/IP networking system
>
>
> ----- End forwarded message -----
--
nick slussar
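
The uid gate from the snippet quoted in the message above, next to the "call getpeername always" variant it suggests, as an added example (not part of the original message and not exim's own code). The function names, the uid 8 used for the mail user, and the connected UDP socket standing in for the descriptor inetd passes on fd 0 are assumptions made for illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* True when fd has an IPv4/IPv6 peer (the family test from the quoted snippet). */
static int fd_has_inet_peer(int fd)
{
    struct sockaddr_storage peer;
    socklen_t size = sizeof(peer);
    if (getpeername(fd, (struct sockaddr *)&peer, &size) != 0) return 0;
    return peer.ss_family == AF_INET || peer.ss_family == AF_INET6;
}

/* Gate as quoted: the probe runs only when the real uid is root or the exim uid. */
int is_inetd_gated(int fd, int smtp_input, uid_t real_uid, uid_t root_uid,
                   int exim_uid_set, uid_t exim_uid)
{
    if (smtp_input && (real_uid == root_uid ||
                       (exim_uid_set && real_uid == exim_uid)))
        return fd_has_inet_peer(fd);
    return 0;
}

/* Variant suggested in the message: probe the socket whatever the uids are. */
int is_inetd_always(int fd, int smtp_input)
{
    return smtp_input && fd_has_inet_peer(fd);
}

/* Constructed stand-in for the inetd socket: a UDP socket connected to
   127.0.0.1:25 (no packet is sent), so getpeername() reports AF_INET. */
int make_inet_peer_fd(void)
{
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    a.sin_family = AF_INET;
    a.sin_port = htons(25);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&a, sizeof(a)) != 0) { close(fd); return -1; }
    return fd;
}

int main(void)
{
    int fd = make_inet_peer_fd();
    /* Report scenario: inetd user mail (uid 8, assumed), exim_user = root (uid 0). */
    printf("gated=%d always=%d\n", is_inetd_gated(fd, 1, 8, 0, 1, 0), is_inetd_always(fd, 1));
    return 0;
}
```

With the uids from the report the gated check returns 0 although the descriptor has an inet peer, while the ungated check returns 1.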